I think the issue I have with this argument is that it's not a logical conclusion that's based on technological choice.
It's an argument about affordability and the economics behind it, which puts more burden on the (open source) supply chain which is already stressed to its limit. Maintainers simply don't have the money to keep up with foreign state actors. Heck, they don't even have money for food at this point, and have to work another job to be able to do open source in their free time.
I know there are exceptions, but they are veeeery marginal. The norm is: open source is unpaid, tedious, and hard work to do. It will get harder if you just look at the sheer amount of slopcode pull requests that plague a lot of projects already.
The trend is likely going to be more blocked pull requests by default rather than having to read and evaluate each of them.
The economics is more about how much the defender is willing to spend on advance protection vs. the expected value of a security failure.